This Page is Inserted by XFW Indexing and Scanning 
Operations and is not part of the Official Record 

BEST AVAILABLE MAGES 

Defective images within this document are mmntotq****** efthrttigW 

documents submitted by the applicant. 

Defects in the images include but are not limited to the items checked: 

□ BLACK BORDERS 

□ IMAGE CUT OFF AT TOP, BOTTOM OR SIDES 

□ FADED TEXT OR DRAWING 

□ BLURRED OR ILLEGIBLE TEXT OR DRAWING 

□ SKEWED/SLANTED IMAGES - fj 

□ COLOR OR BLACK AND WHITE PHOTOGRAPHS 

□ GRAY SCALE DOCUMENTS 

□ LINES OR MARKS ON ORIGINAL DOCUMENT 

□ REFERENCE(S) OR EXHEBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER: . - " " 



report these problems to 



(19) 



J 



(12) 



(43) Date of publication: 

01.03.2000 Bulletin 2000/09 



Europdisches Patentamt 
European Patent Office 
Office europtendes brevets (11) EP 0 982 927 A1 

EUROPEAN PATENT APPLICATION 

(51) IntCI. 7 : H04N1/32 



(21) Application number: 99116630.7 

(22) Date of filing: 25.08.1999 



(84) 


Designated Contracting States: 


• Yoshlura, Hiroshi 




AT BE CH CY DE DKES R FRGBGR IE ITU LU 


Bunkyo-ku, Tokyo (JP) 




MCNLPTSE 


• Toyoshima, Hisashi 




Designated Extension States: 


Hachioji-shi,Toyko(JP) 




ALLTLVMKROSI 


• Sarto, Tsukasa 






Suginami-ku, Tokyo (JP) 


(30) 


Priority: 28.08.1998 JP 24334598 


• Tsuchlyama, Cikako 


(71) 




Bunkyo-ku, Toyko (JP) 


Applicant: Hitachi, Ltd. 


• Kikuta, Atsushi 




Chiyoda-ku, Tokyo 101-8010 (JP) 


Kashiwa-shi, Chiba-ken (JP) 


(72) 


Inventors: 


(74) Representative: 




Nagal, Yasuhiko 


Strehl SchQbel-Hopf & Partner 




Bunkyo-ku, Tokyo (JP) 


Maximilianstrasse 54 




Susaki, Seiichl 


80538 MQnchen (DE) 




Totsuka-ku, Yokohama-shi, Kanagawa-ken (JP) 



Csi 

o> 

CM 
CO 

o> 
o 

Q. 
LU 



(54) Method of generating authentication-enabled electronic data 



(57) In an authentication-enabled electronic data 
generating method, strict authentication of the genuine- 
ness of electronic data is enabled, and the genuineness 
is visually expressed to users of electronic data. A dig- 
ital signature is appended to authentication information 
for authenticating an electronic mark B 112 such as a 
Web page 109, a trademark or the like, and then the 



authentication information with the digital signal is 
embedded as an invisible digital watermark into an elec- 
tronic mark A 1 1 1 . Thereafter, the electronic mark A 1 1 1 
which visually expresses the genuineness is embedded 
as a visible digital watermark into the electronic mark B 
112. 
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Description 

BACKGROUND OF THE INVENTION 

1 . Held of the Invention 

[0001 ] The present invention relates to a technique of 
enabling authentication of genuineness of electronic 
data by using image data, and particularly to a tech- 
nique of enabling strict authentication of genuineness of 
electronic data and also visually expressing genuine- 
ness of electronic data on the basis of an image repre- 
sented by the image data. U.S. Patent Applications 
Serial Nos. 09/090,419 and 09/144,989, Japanese Pat- 
ent Application No. Hei-1 0-226882 and Japanese Pat- 
ent Application No. Hei-1 0-24471 9 are applications 
which are relevant to this application. 

2. Description of Related Art 

[0002] A technique called "digital signature" has been 
conventionally known as a technique enabling authenti- 
cation of authenticity of electronic (digital) data 
[0003] The digital signature technique, developed to 
guarantee the authenticity of electronic data, combines 
public key cipher technology with one-way property 
functions. 

[0004] In this technology, a pair of keys, a private key 
S and a public key V which satisfy g (f (n, S) V) = n and 
f(Q V)> S) = n, is created first, where n represents 
data, and f and g represent functions. These formulae 
mean that data encrypted with the private key S may be 
decrypted by with the public key V and that, conversely, 
data encrypted with the public key V may be decrypted 
with the private key S. It should also be noted that it is 
virtually impossible to find the private key S from the 
public key V. 

[0005] Once the private key S and the public key V are 
created, the creator passes the public key V to a partner 
and holds the private key S privately. 
[0006] When the key creator sends data to the part- 
ner, the creator passes data to which a digital signature 
is attached. This digital signature is created by evaluat- 
ing data with a predetermined one-way property func- 
tion and then encrypting the resulting evaluation value 
with the private key S. 

[0007] The one-way property function described 
above can calculate an evaluation value from data, but 
it is impossible to virtually calculate the original data 
from the evaluation value. In addition, it is necessary for 
the one-way property function used in creating a digital 
signature to return a unique bit string for each piece of 
unique data; that is, the probability of the function 
returning the same bit string to two or more pieces of 
data must be very small. An example of such functions 
is a one-way hash function which evaluates data and 
returns a bit string as the evaluation value of the data. 
The evaluation value h(D) calculated by the one-way 



hash function is called the hash value of D, where h is 
the one-way hash function and D is data. 
[0008] Upon receiving data to which a digital signature 
is attached, the receiving partner evaluates the data 

5 with the one-way property function to obtain an evalua- 
tion value and then checks if the evaluation value 
matches the value generated by decrypting the digital 
signature using the public key V. When they match, it is 
verified that the cfigrtal signature was created by the 

w holder of the private key S corresponding to the public 
key V and that the digital signature is for the data that 
was received. 

[0009] Besides, there has been conventionally known 
a WWW system with a WWW (World Wide Web) server 

is program and a Browser program, which uses a publicly- 
open network such as Internet or the like. 
[0010] The WWW system is composed of at least one 
WWW server on which a WWW server program for pub- 
lishing information runs and at least one client terminal 

20 on which a browser program for browsing published 
information runs. Data is transferred between the WWW 
server and the client terminal via the communication 
protocol called HTTP (Hyper Text Transfer Protocol). 
[001 1 ] To publish information on the WWW server, a 

25 server user must create a Web page containing data to 
be published. This page contains text data, image data, 
audio data, video data, and link data to other Web 
pages, all interconnected using a structure description 
language called HTML (Hyper Text Markup Language). 

30 Then, the user stores this Web page in a location (direc- 
tory) in the WWW server so that it may be accessed 
from other computers (client terminals or other WWW 
servers). 

[001 2] To browse a published Web page from a client 
35 terminal using a browser program, a terminal user must 
type the URL (Uniform Resource Locator) of the Web 
page. Then, the Web page is sent from the WWW 
server to the client terminal. The text data, image data, 
and video data of the Web page are displayed on the di- 
40 ent terminal screen. Audio data, if included in the page, 
is produced from the speaker connected to the client 
terminal. 

[001 3] The recent trend is that the WWW system like 
this is used not only as the communication means but 

45 also in business. One such application is an electronic 
commerce system which provides the user with infor- 
mation on goods using this WWW system. 
[0014] In such an electronic commerce system, most 
vendors include into their web pages the image data, 

so such as the logos of credit card companies, to allow the 
user to instantly select one of various payment meth- 
ods. This is similar to a real-world (not a world such as 
the Internet) store where the logos of the credit card 
companies are put up on the counter or in the show win- 

55 dew. 

[0015] Sometimes, a Web page may also contain 
image data, such as logo marks indicating the Web 
page creator or an authentic individual or organization 
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which has authorized the Web page, to allow a Web 
page user to instantly ascertain who has created the 
Web page or that the Web page has been authorized by 
the authentic individual or organization. 
[001 6] Further, as a technique of embedding informa- 
tion into image data is known a digital watermark tech- 
nique disclosed in IBM System Journal Vol. 35, No. 3 & 
4, 1996, pp. 313-336. According to this technique, infor- 
mation is embedded into image data so that variation of 
an image pattern represented by the image data cannot 
be visually recognized and the information embedded in 
the image data cannot be separated from the image 
data. The digital watermark technique with which the 
embedded information cannot be visually recognized 
from the image pattern represented by the image data 
having the information embedded therein is called as an 
"invisfole digital watermark technique". 
[0017] According to such an invisible digital water- 
mark technique, it is expected that illegal use of image 
data can be prevented by embedding identification infor- 
mation of a manufacture or distributor into image data. 
[0018] Furthermore, a digital watermark technique 
disclosed in U.S. Patent No. 5,530,759 is known as a 
technique of imitating tracfitional watermark for image 
data. According to this technique, the brightness of the 
image data represented by a specific image pattern is 
varied in accordance with a watermark image pattern 
representing information to be embedded to thereby 
generate image data which represents the specific 
image pattern and also represents slightly the water- 
mark image pattern. In this case, it is impossible to sep- 
arate the original specific image pattern and the 
watermark image pattern from the watermark embed- 
ded image data thus generated. Such a digital water- 
mark technique that the embedded information can be 
visually recognized from the image pattern represented 
by the information-embedded image data is called as a 
"visible digital watermark technique". 
[0019] According to such a visible cfigrtal watermark 
technique, the visibility of an original image pattern is 
prevented from being greatly damaged by the image 
pattern represented by the image data in which informa- 
tion is embedded, and an image pattern representing a 
manufacturer, a distributor or the like can be presented 
so as to be visually recognizable. 

SUMMARY QF THE INVENTION 

[0020] According to the technique of enabling the gen- 
uineness of electronic data to be authenticated by the 
digital signature, it is so bothersome that not only the 
electronic data, but also the digital signature and the 
electronic data must be managed in combination with 
each other. Since the digital signature is invisible, the 
genuineness of the electronic data cannot be directly 
and visually expressed to a user of the electronic data. 
[0021 ] On the other hand, according to the technique 
containing a logo mark into a Web page, since the logo 



mark can be simply copied and illegally used, it cannot 
be said that the genuineness of the electronic data can 
be authenticated by the logo mark. 
[0022] Therefore, an object of the present invention is 

5 to enable the strict authentication of the genuineness of 
electronic data and visually express the genuineness of 
the electronic data for users of the electronic data. 
[0023] In order to attain the above object, according to 
the present invention, there is provided a method of 

ro generating authentication-enabled electronic data, 
comprising the steps of: embedding digital-signature 
appended authentication information for authenticating 
the electronic data as an invisible digital watermark into 
a first image and applying a visually-recognizable alter- 

75 ation to the first image data embedded with the invisible 
digital watermark to generate a second image; and 
inserting the second image into the electronic data to 
generate the authentication-enabled electronic data. 
[0024] According to the authentication-enabled elec- 

20 tronic data generated by the above method, the genu- 
ineness of the electronic data can be strictly 
authenticated by the digital-signature appended 
authentication information embedded as the invisible 
digital watermark. Further, a desired mark such as a 

25 trademark or the like can be displayed by the second 
image contained in the display of the authentication- 
enabled electronic data, and the genuineness of elec- 
tronic data which cannot be perfectly represented by 
only the normal display of a mark such as a trademark 

30 or the like can be visually represented by the alteration 
applied to the second image. 

DESCRIPTION OF THE DRAWINGS 

35 [0025] 

Fig. 1 is a block diagram showing a configuration of 
a genuineness authentication system for digital 
contents according to a first embodiment of the 
40 present invention; 

Fig. 2 is a block diagram showing a configuration of 
a mark-pasted content creating device according to 
the first embodiment of the present invention; 
Fig. 3 is a block diagram showing a configuration of 
45 a content authentication device according to the 
first embodiment of the present invention; 
Fig. 4 is a block diagram shewing a configuration of 
an electronic computer usable to implement the 
mark-pasted content creating device and the con- 
so tent authentication device according to the first 
embodiment of the present invention; 
Fig. 5 is a diagram showing a processing of the 
mark-pasted content creating device according to 
the first embodiment of the present invention; 
55 Fig. 6 is a flowchart showing a procedure of the 
operation of the mark-pasted content creating 
device according to the first embodiment of the 
present invention; 



3 



5 



EP 0 982 927 A1 



6 



Fig. 7 is a flowchart showing a procedure of the 
operation of the content authentication device 
according to the first embodiment of the present 
invention; 

Fig. 8 is a flowchart showing a procedure of the s 
operation of the mark-pasted content creating 
device according to a second embodiment of the 
present invention; 

Fig. 9 is a diagram showing a processing of the 
mark-pasted content creating device according to to 
the second embodiment of the present invention; 
Fig. 10 is a flowchart showing a procedure of the 
operation of the content authentication device 
according to the second emfcxxfimerrt of the present 
invention; is 
Rg. 11 is a diagram showing a processing of the 
mark-pasted content creating device according to a 
third embodiment of the present invention; 
Rg. 12 is a block diagram showing a configuration 
of the content authentication device according to a 20 
fourth embocfimerrt of the present invention; 
Rg. 13 is a flowchart showing a procedure of the 
operation of the mark-pasted content creating 
device according to the fourth embodiment of the 
present invention; 25 
Rg. 14 is a diagram showing a processing of the 
mark-pasted content creating device according to 
the fourth embodiment of the present invention; 
Rg. 15 is a flowchart showing a procedure of the 
operation of the content authentication device 30 
according to the fourth embodiment of the present 
invention; and 

Rg. 16 is a diagram showing a processing of the 
mark-pasted content creating device according to a 
fifth embodiment of the present invention. 35 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0026] Preferred embodiments according to the 40 
present invention will be described hereunder with refer- 
ence to the accompanying drawings. 
[0027] A first embodiment of the present invention will 
be described by applying the present invention to a case 
where genuineness of a web page can be authenticated 45 
by electronic data 

[0028] Rg. 1 shows a configuration of a genuineness 
authentication system of a digital content according to 
the first embodiment of the present invention. 
[0029] As shown in Fig. 1, the genuineness authenti- so 
cation system of the digital content comprises a mark- 
pasted content generating device 100 and a content 
check device 200. 

[0030] The mark-pasted content generating device 
1 00 comprises an operating unit 1 02 and a storage unit 55 
103, as shown in Fig. 2. 

[0031 ] The operating unit 1 02 comprises an input/out- 
put unit 104 serving as an input/output interface to the 



external, an information insertion unit 106 for executing 
various processing such as digital signature processing, 
invisible digital watermark processing and visfole digital 
watermark processing to generate an information- 
appended electronic mark in which authentication infor- 
mation is embedded, a mark pasting unit 107 for pasting 
the information-appended electronic mark to the con- 
tent and a controller 1 05 for controlling the operation of 
these processing. In the storage unit 103 are stored a 
content 109 whose genuineness is to be authenticated, 
authentication information 110 containing, feature infor- 
mation on the content (for example, URL of the content), 
information on an authentication source, effective term 
information, etc., private (secret) key information 108 of 
the authentication source for creating a digital signa- 
ture, a mark part A 1 1 1 and a mark part B 1 1 2, informa- 
tion-appended electronic mark 113, a mark-pasted 
content 114 obtained by pasting the information- 
appended electronic mark 1 13 to the content 109. 
[0032] The content check device 200 comprises an 
operating unit 202 and a storage unit 203 as shown in 
Fig. 3. 

[0033] The operating unit 202 comprises an input/out- 
put unit 204 serving as an input/output interface to the 
external, a mark cut-out unit 206 for cutting out the infor- 
mation-appended electronic mark portion from the 
mark-pasted content, an information extraction unit 207 
for extracting digital-signature appended authentication 
information as extraction information from the informa- 
tion appended electronic mark, a cfigital signature check 
unit 208 for checking the digital signature of the extrac- 
tion information and the authentication information, a 
genuineness expression information selecting/compos- 
ing unit 209 for generating result notification information 
on the basis of the check results of the signature and 
the authentication information, and a controller 205 for 
controlling the operation of these processing. In the 
storage unit 203 are stored a mark-pasted content 210, 
a content 211 separated/extracted from the mark- 
pasted content 210, an information-appended elec- 
tronic mark 212, extraction information 213, a public 
(open) key 214 of an authentication source to decrypt 
the digital signature, a check result 21 5 of the digital sig- 
nature and the extraction authentication information, 
and genuineness expression information 216 as frame 
display information of a check result notification of the 
signature and the authentication information. 
[0034] Here, as shown in Rg. 4, the mark-pasted con- 
tent generating device 100 and the content check 
device 200 can be built up in an electronic computer 
having a general construction which includes a CPU 
301, a main memory 302, an external storage device 
303a serving as a hard disc device, another external 
storage device 303b, a communication controller 304, 
an input device 305 such as a keyboard or a pointing 
device and an output device 306 such as a display 
device. 

[0035] In this case, the operating unit 1 02 of the mark- 
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pasted content generating device 100 and each part of 
the operating unit 102 are implemented as processes 
embodied on the electronic computer by executing pro- 
grams loaded into the main memory 302 by the CPU 
301 . In this case, the main memory 302 and the exter- 5 
nal storage devices 303a and 303b are used as the 
storage unit of the mark-pasted content generating 
device 100. Likewise, the operating unit 202 of the con- 
tent check device 200 and each part of the operating 
unit 202 are implemented as processes embodied on 
the electronic computer by executing programs loaded 
into the main memory 302 by the CPU 301 . In this case, 
the main memory 302 and the external storage device 
303a and 303b are used as the storage unit 203 of the 
content check device 200. 

[0036] The programs which are loaded into the main 
memory 302 and executed by the CPU 301 to construct 
the mark-pasted content generating device 1 00 and the 
content check device 200 on the electronic computer 
are stored in the external storage device 303a in 
advance, and they are loaded to the main memory 302 
and executed by the CPU 301 as occasion demands. 
Alternatively, the programs may be directly loaded from 
a portable storage medium 307 through the external 
storage device 303b handling a portable storage 
medium 307 such as CD-ROM or the like and then exe- 
cuted by the CPU 301 as occasion demands. Or, the 
programs may be temporarily installed from the portable 
storage medium 307 through the external storage 
device 303b handling a portable storage medium onto 
the external storage device 303a such as a hard disc 
device, and then loaded to the main memory 302 and 
executed by the CPU 301 as occasion demands. 
[0037] The mark-pasted content generating device 
100 may be built up on the electronic computer in which 
an editor program for creating Web pages is actuated. 
In this case, the mark-pasted content generating device 
100 shown in Fig. 2 may be implemented as a process 
of plug-in software supplying a function to the process 
of the editor program. In this case, the process of the 
plug-in software is started from the process of the editor 
program, and the process of the editor program takes a 
Web page under edition as a content and carries out the 
processing of the mark-pasted content generating 
device 100 as described later to create as a mark- 
pasted content a Web page to which an information- 
appended electronic mark is attached. The pasting of 
the information-appended electronic mark to the Web 
page is performed by inserting the description of URL of 
the information-appended electronic mark into the 
HTML description of the Web page by using a < IMG 
SRC Mag. 

[0038] The content check device 200 may be built up 
on the electronic computer in which a browser program 
to browse the Web page is actuated. In this case, the 
content check device 200 shown in Fig. 3 may be imple- 
mented as the process of the plug-in software supplying 
the function to the process of the browser program. In 



this case, when the display of the information-appended 
electronic mark in the Web page is selected by the user, 
the process of the plug-in software is started from the 
process of the browser program, and the browser pro- 
gram cuts out the information-appended electronic 
mark selected by the user while setting the Web page 
under display as a mark-pasted content and then per- 
forms the processing of the content check device 200 
described later to generate and display the genuine- 
ness expression information 216 as frame display infor- 
mation of the check result notification of the signature 
and the authentication information. 
[0039] Next, the operation of the genuineness authen- 
tication system of the digital content according to the 
first embodiment will be described by applying this 
embodiment to a case where the content 109 whose 
genuineness is to be authenticated is a Web page of an 
electronic shopping on the Internet shown in Fig. 5. 
[0040] First, the operation of the mark-pasted content 
generating device 100 will be first described. 
[0041 ] Fig. 6 shows the procedure of the processing 
executed by the mark-pasted content generating device 
100. 

[0042] First, the content 1 09, the authentication infor- 
mation 110 including content information (URL of the 
content), authentication source information (Merchant 
A) and mark effective term information (1 9xx/yy/xx), the 
authentication source private key 108 for digital signa- 
ture, and a mark part A (Merchant A) 1 1 1 and a part B 
1 12 are beforehand stored in the storage unit 103. 
[0043] When the input/output unit 104 receives an 
information-appended electronic mark creating request, 
the controller 1 05 actuates the information insertion unit 
106. 

[0044] The information insertion unit 106 thus actu- 
ated first calculates the hash value of the authentication 
information 110, encrypts the hash value with the pri- 
vate key 108 to generate a digital signature and adds it 
to the authentication information 110, thereby creating 
the authentication information 403 with the digital signa- 
ture of Fig. 5 (step 501). Subsequently, the authentica- 
tion information 403 with the digital-signature is 
embedded in an unseparable and invisible digital water- 
mark style into the mark part A 1 1 1 representing partial 
information (for example, authentication source) of the 
authentication information (step 502). Thereafter, the 
mark part A 1 11 is embedded into the mark part B (for 
example, trademark) 112 in a digital watermark style 
which is separable through the inverse conversion 
processing and visualized (for example, visualizing dig- 
ital watermark using brightness information), thereby 
generating information-appended electronic mark 113 
(step 503). This isbecausethe mark part A 111 is set as 
a certification display for the genuineness in which the 
authentication information is visualized. 
[Q045] Here, the invisible digital watermark means a 
digital watermark obtained by embedding information 
as a digital watermark so that the content of information 
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to be embedded cannot be visually recognized, and the 
visible digital watermark means a digital watermark 
obtained by embedding an image as a digital watermark 
into another image so that an image pattern of the 
image to be embedded can be visually recognized. The 5 
inverse-transform separable watermark style means a 
watermark style in which information is watermarked by 
a specific brightness conversion processing and then 
an image embedded as the digital watermark can be 
separated by the inverse conversion processing. 10 
[0046] Subsequently, the controller 105 actuates the 
mark pasting unit 107, and the mark pasting unit 107 
pastes the information-appended electronic mark 113 
to the content 1 09 by defining URL of the file of the infor- 
mation-appended electronic mark (for example, a URL 15 
of GIF file) in an image tag of HTML, thereby generating 
the mark-pasted content 114 (step 504). 
[0047] Next, the operation of the content check device 
200 will be described. 

[0048] Fig. 7 shows the procedure of the operation of 20 
the content check device 200. 
[0049] Here, the mark-pasted content 210 and the 
public key 214 of the mark authentication source are 
beforehand stored in the storage device 203. Upon 
receiving a check request through the input/output unit 25 
204 when the mark-pasted content 210 is displayed by 
the browser program descrtoed above, the controller 
204 actuates the mark cut-out unit 206. 
[0050] The mark cut-out unit 206 thus actuated cuts 
out the information-appended electronic mark 212 from 30 
the mark-pasted content 210 (step 601), and the con- 
troller 204 actuates the information extraction unit 207. 
[0051 ] The information extraction unit 207 separates 
and extracts from the information-appended electronic 
mark 212 the mark part A 1 1 1 which has been embed- 35 
ded as a visible digital watermark through the inverse 
conversion (step 602), and extracts as the extraction 
information 213 the digital-signature appended authen- 
tication information which has been inserted in the mark 
part A 1 1 1 as an invisible digital watermark (step 603). 40 
The controller 205 actuates the digital signature check 
unit 208. 

[0052] The digital signature check unit 208 checks the 
genuineness and reasonability of the mark-pasted con- 
tent 210 on the basis of the coincidence between the 45 
hash value of the authentication information of the dig- 
ital-signature appended authentication information and 
the hash value calculated by decrypting the digital sig- 
nature of the digital-signature appended authentication 
information with the public key 214, the coincidence so 
between the content information (URL) contained in the 
authentication information of the digital-signature 
appended authentication information and the informa- 
tion (URL) of the mark-pasted content 210 and the 
effectiveness of the effective term contained in the ss 
authentication information of the digital-signature 
appended authentication information, and generates a 
check result (OK/NG) 215 (Step 604). 



[0053] Finally, the controller 205 actuates the genuine- 
ness expression information selecting/composing unit 
216, generates the genuineness expression information 
216 (for example, a check result text message) to dis- 
play the check result (OK/NG) 215, and then outputs it 
to the input/output unit 204 (step 605). 
[0054] The foregoing description is made on the first 
embodiment 

[0055] As described above, according to the first 
embodiment, the genuineness of a main electronic 
mark such as a trademark or the like and a content can 
be expressed to be visually recognizable by the pres- 
ence or absence of a sub-electronic mark which is 
embedded as a visible digital watermark in the main 
electronic mark, and also the genuineness can be 
strictly authenticated by the digital-signature appended 
authentication information which is embedded as an 
invisible digital watermark in the main electronic mark 
such as a trademark or the like. 
[0056] Next, a second embodiment of the present 
invention will be described. 

[0057] According to the second embodiment, the fol- 
lowing modifications are made on the processing of cre- 
ating the information-appended electronic mark 113 
which is executed by the information insertion unit 106 
of the mark-pasted content generating device 1 00 of the 
first embodiment and the processing of extracting the 
extraction information 21 3 from the information- 
appended electronic mark 212 in the information extrac- 
tion unit 207 of the content check device 200. 
[0058] Fig. 8 shows the procedure of the processing 
executed by the mark-pasted content generating device 
100. 

[0059] In this embodiment, the information insertion 
unit 1 06 creates the digital-signature appended authen- 
tication information 403 of Fig. 9 in the same manner as 
the first embodiment (step 501). Subsequently, the dig- 
ital-signature appended authentication information 403 
is embedded into the mark part A 1 1 1 (for example, a 
trademark) as an unseparable and invisible digital 
watermark (step 502), and then a mark part B 112 
which has the transparent background and represents 
partial information (for example, an authentication 
source) of the authentication information is superposed 
on the mark part A 1 1 1 to generate an information- 
appended electronic mark 1 1 3 having a two-layer struc- 
ture (step 1201). The information-appended electronic 
mark 113 thus generated is an image in which the 
image pattern of the mark part A 111 appears in most of 
the background portion of the mark part B 112. The 
mark pasting unit 107 pastes the information-appended 
electronic mark 113 to the content 109 to generate a 
mark-pasted content 114 (step 504). 
[0060] When the mark part B is overlaid on and 
pasted to the mark part A 1 1 1 in which the digital-signa- 
ture appended authentication information as described 
above is embedded, the following process is performed. 
[0061 ] That is, an HTML description in which the con- 
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tent of a table containing the mark part A 1 1 1 in which 
the digital-signature appended authentication informa- 
tion 403 is embedded as a background image is set as 
the mark part B 1 12 is created. In this case, the mark 
part B 112 is embedded is assumed as a transparent 5 
Gl F file. The description of the table as described above 
is inserted into the HTML description of a Web page. 
[0062] Fig. 1 0 shows the procedure of the operation of 
the content check device 200 accord ng to the second 
embodiment. 10 
[0063] As shown in Fig. 10, in this processing, the 
information-appended electronic mark 212 is cut out 
from the mark-pasted content 210 as in the case of the 
first embodiment (step 601). The information extraction 
unit 207 removes the mark part B from the information- 15 
appended electronic mark 212 to separate and extract 
the mark part A 111 (step 1301), and extracts as the 
extraction information 213 the digital-signature 
appended authentication information which is inserted 
as an invisible digital watermark into the mark part A 20 
1 1 1 (step 603). As in the case of the first embodiment 
the digital signature check unit 208 checks the genuine- 
ness and reasonability of the mark-pasted content 210 
(step 604), and the genuineness expression information 
selecting/composing unit 216 generates the genuine- 25 
ness expression information 216 (for example, a check 
result text message) and outputs it from the input/output 
unit 204 (step 605). 

[0064] The above-described second embodiment may 
be implemented in the following mode. 30 
[0065] That is, the information extracting unit 207, the 
digital signature check unit 208 and the genuineness 
expression information selecting/composing unit 216 of 
the content check device 200 are provided as extension 
programs of the server program on the WWW server 35 
which makes the Web page (mark-pasted content 114) 
on the Internet. The other portions of the content check 
device 200 are provided as the plug-in programs of the 
browser programs browsing the Web page at the client 
side at which the browser program runs. 40 
[0066] The WWW server sets at least the mark part A 
1 1 1 embedded with the unseparable and invisible digital 
watermark serving as the background image of the 
table in a no-cache indication mode (a mode of indicat- 
ing prohfortion of storage of data into local cache of a cli- 45 
ent) by a proper program through CGI and feeds the 
Web page (mark-pasted content 114),. The direct 
access to the mark part A 111 embedded with the 
unseparable and invisible digital watermark serving as 
the background image of the table by the client is so 
rejected by the proper program through CGI. 
[0067] Accordingly, the client cannot copy the mark 
part A 1 1 1 embedded with the unseparable and invisi- 
ble digital watermark serving as the background image 
of the table by using a normal copying procedure, and 55 
thus an unauthorized person who accesses the mark- 
pasted content 1 14 as a client can be prohibited from 
illegally copying and using the mark part A 1 1 1. 



[0068] On the other hand, at the client side, the plug- 
in program actuated from the browser program requests 
to the Web server the check of the information- 
appended electronic mark 212 indicated by the user on 
the Web page. The extension program on the server 
program on the Web server receiving the request 
checks the genuineness and reasonability of the Web 
page (mark-pasted content 114) from the information- 
appended electronic mark 212 on the Web server as 
described above, generates the genuineness expres- 
sion information (for example, check result text mes- 
sage) and then outputs it to the client The plug-in 
program of the browser program at the client side dis- 
plays it 

[0069] The foregoing description is made on the sec- 
ond embodiment of the present invention. 
[0070] As described above, according to the second 
embodiment the genuineness of the electronic mark 
such as a trademark or the like and the content can be 
expressed so as to be visually recognizable by the pres- 
ence or absence of the display of an electronic mark 
having a transparent background which is overlaid on 
the electronic mark, and also the genuineness can be 
strictly authenticated on the basis of the digital signa- 
ture appended authentication information which is 
embedded as an invisible digital watermark into an elec- 
tronic mark such as a trademark or the like. Further, by 
supplying an electronic mark such as a trademark or the 
like to a client in the no-cache indication mode 
described above, the copying of the electronic mark can 
be prevented, and thus illegal use can' be prevented. 
[0071 ] Next, a third embodiment of the present inven- 
tion will be described hereunder. 
[0072] In the third embodiment, the following modifica- 
tions are made to the processing of creating the infor- 
mation-appended electronic mark 113 executed by the 
information insertion unit 106 of the mark-pasted con- 
tent generating device 100 of the first embodiment, and 
the processing of extracting the extraction information 
213 from the information-appended electronic mark 212 
in the information extraction unit 207 of the content 
check device 200 of the first embodiment. Further, in 
place of the mark part B 112, mark genuineness/type 
indication brightness/chroma (color) information 1403 is 
beforehand stored in the storage unit 103 of the mark- 
pasted content generating device 100, and mark genu- 
ineness/type indication brightness/chroma information 
1404 is beforehand stored in the storage unit 103 of the 
content generating device 1 00. 
[0073] As shown in Fig. 11, the mark genuine- 
ness/type indication brightness/chroma information 
1403, 1404 defines the corresponding relationship 
between the authentication type and the bright- 
ness/chroma value contained in the authentication infor- 
mation 110, and the mark genuineness/type indication 
brightness/chroma information 1403 and the mark gen- 
uineness/type indication brightness/chroma information 
1404 have the same content 
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[0074] In the third embodiment, the information inser- 
tion unit 106 of the mark-pasted content generating 
device 100 embeds the digital-signature appended 
authentication information 403 obtained by adding the 
digital signature to the authentication information con- 5 
taining an authentication type (tor example, position cer- 
tification) in an invisible digital watermark style into the 
mark part A 1 1 1 (trademark) at a differential portion 
between predetermined brightness/color and the bright- 
ness/chroma of the mark part A 111 so that at least a w 
part of the mark part A 1 1 1 has the brightness/chroma 
(for example, red color for position certification in case 
of trademark) corresponding to the authentication type 
indicated by the mark genuineness/type indication 
brightness/chroma information 1403 to the extent that it 15 
can be visually recognized by the human, thereby gen- 
erating the information-appended electronic mark 113. 
[0075] The information extraction unit 207 of the con- 
tent check device 200 extracts as the extraction infor- 
mation the digital-signature appended authentication 20 
information 214 which is embedded as an invisible dig- 
ital watermark in the information-appended electronic 
mark 212. At this time, it may be checked whether the 
brightness/chromaticfties of at least a part of the infor- 
mation-appended electronic mark 212 as described 2s 
above is the brightness/color registered in the mark 
genuineness/type indication brightness/chroma infor- 
mation 1404, and then the check result may be dis- 
played. 

[0076] As described above, according to the third 30 
embodiment, the genuineness of the electronic mark 
and the content or the type of the genuineness can be 
expressed so as to be visually recognizable by the 
brightness/color of the electronic mark such as a trade- 
mark or the like, and also the genuineness can be 35 
strictly authenticated by the digital-signature appended 
authentication information embedded as an invisible 
digital watermark. 

[0077] The following modifications may be made to 
the third embodiment 40 
[0078] That is, the brightness/color which is varied to 
the extent that the human cannot visually perceive to 
the brightness, color used in the electronic mark A is 
registered in association with the authentication type in 
the mark genuineness/type indication bright- 45 
ness/chroma information 1403, 1404, and it is embed- 
ded as an invisible digital watermark at this brightness, 
color potion. Specifically, the brightness/color whose 
variation is perceived as white by the human is regis- 
tered. This brightness/color is embedded at a white por- so 
tion of the electronic mark A, whereby the content check 
device 200 can recognize the authentication type on the 
basis of the brightness/color of the information- 
appended electronic mark and makes it invisible to the 
human. This method may be used to classify many elec- ss 
tronic marks in accordance with the authentication type 
on the basis of the brightness/color thereof. 
[0079] The foregoing description is made on the third 



embodiment. 

[0080] Next, a fourth embodiment of the present 
invention will be described. 

[0081 ] The fourth embodiment is similar to that of Fig. 
2 in the construction of the mark-pasted content gener- 
ating device 100, however, it is different in the process- 
ing of creating the information-appended electronic 
mark 113 which is executed by the information insertion 
unit 107. The content check device 200 according to the 
fourth embodiment has the construction shown in Fig. 
1 2. That is, the construction of the content check device 
200 according to the fourth embodiment is substantially 
the same as the construction of the content check 
device shown in Fig. 3, however, it is different in that a 
display operation unit 220 is provided to the operating 
unit 202. 

[0082] First, the operation of the mark-pasted content 
generating device 100 will be described. 
[0083] Fig. 1 3 shows the procedure of the operation of 
the mark-pasted content generating device 100. The 
procedure of creating the information -appended elec- 
tronic mark 113 executed by the information insertion 
unit 107 as shown in Fig. 13 will be described. 
[0084] As shown in Fig. 14, the information insertion 
unit 106 first contains the data of the mark part A 1 1 1 
into the authentication information 110 (step 801). Here, 
the mark part A is a perfect mark (for example, a perfect 
trademark) or a tally impression type mark which is a 
divisional part of a perfect mark and constitutes the per- 
fect mark when it is combined with the other divisional 
mark B 1 12. The information insertion unit 107 creates 
the digital-signature appended authentication informa- 
tion 403 added with the cfigital signature of the authenti- 
cation information containing the electronic mark A 1 1 1 
(step 501). Subsequently, the digital-signature 
appended authentication information 403 is embedded 
into the mark part B 1 1 2 in an unseparable and invisible 
digital watermark style to generate the information- 
appended electronic mark 113 (step 802). The mark 
pasting unit 107 pastes the information -appended elec- 
tronic mark 113 to the content 109 to generate the 
mark-pasted content 114 (step 504). 
[0085] Next, the operation of the content check device 
100 will be described. 

[0086] Fig. 1 5 shows the procedure of the operation of 
the content check device 100. 
[0087] The mark cut-out unit 206 first cuts out the 
information-appended electronic mark 212 from the 
mark-pasted content 210 (step 601). The digital-signa- 
ture appended authentication information embedded as 
an invisible watermark is extracted as the extraction 
information 214 from the information-appended elec- 
tronic mark 212 by the information extraction unit 207 
(step 901). 

[0088] Here, when a prior strict check request is set in 
advance (step 902), the digital signature check unit 208 
checks the genuineness and reasonabilrty of the mark- 
pasted content 210 on the basis of the coincidence 
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between the hash value of the authentication informa- 
tion of the digital signature appended authentication 
information, the hash value calculated by decrypting the 
digital signature of the digital signature appended 
authentication information and the public key 214, the 
coincidence between the content information (URL) 
contained in the authentication information of the digital 
signature appended authentication information and the 
information (URL) of the mark-pasted content 210 and 
the effectiveness of the effective term contained in the 
authentication information of the digital signature 
appended authentication information (step 604). K the 
check result is NG (step 903), the genuineness expres- 
sion information selecting/composing unit 216 gener- 
ates genuineness expression information 216 (for 
example, check result text message) for displaying the 
check result (NG) 21 5, and outputs it from the input/out- 
put unit 204 (step 605). If the check result is OK (step 
903), the display operating unit 220 picks up the elec- 
tronic mark A contained in the authentication informa- 
tion. If the electronic mark is a perfect type mark, the 
electronic mark A is displayed on the Web page in place 
of the electronic mark B. On the other hand, if the elec- 
tronic mark is a tally impression type mark, the elec- 
tronic mark A is combined with the electronic mark B to 
display the perfect type mark on the Web page. 
[0089] On the other hand, when no prior strict check 
request is set (step 902, 906), the display operating unit 
220 picks up the electronic mark A contained in the 
authentication information, tf the electronic mark is a 
perfect type mark, the electronic mark A is displayed on 
the Web page in place of the electronic mark B. H the 
electronic mark is a tally-impression type mark, the 
electronic mark A and the electronic mark B are com- 
bined with each other to display the perfect type mark 
on the Web page Thereafter, the digital signature check 
unit 208 checks the genuineness and reasonability of 
the mark-pasted content 210 on the basis of the coinci- 
dence between the hash value of the authentication 
information of the digital signature appended authenti- 
cation information and the hash value calculated by 
decrypting the digital signature of the digital signature 
appended authentication information with the public key 
214, the coincidence between the content information 
(URL) contained in the authentication information of the 
digital signature appended authentication information 
and the information (URL) of the mark-pasted content 
210 and the effectiveness of the effective term con- 
tained in the authentication information of the digital sig- 
nature appended authentication information (step 604), 
and the genuineness expression information select- 
ing/composing unit 216 generates the genuineness 
expression information 216 (for example, check result 
text message) for displaying the check result (OK/NG) 
215 and outputs it from the input/output unit 204 (step 
605). 

[0090] The foregoing description is made on the fourth 
embodiment of the present invention. 



[0091] As described above, according to the fourth 
embodiment of the present invention, when no prior 
strict check request is set, the genuineness of an elec- 
tronic mark such as a trademark or the like and a con- 

5 tent or the type of the genuineness can be expressed so 
as to be visually recognizable by checking whether the 
electronic mark is displayed in a perfect style or not, and 
the genuineness can be strictly authenticated by the 
digital-signature appended authentication information 

70 which is embedded as an invisfole watermark. Further, 
when a prior strict check request is set, the strict 
authentication result of the genuineness can be indi- 
cated by checking whether an electronic mark such as a 
trademark or the like is displayed in a perfect style or 

15 not. 

[0092] Next, a fifth embodiment according to the 
present invention will be described. 
[0093] As shown in Fig. 1 6, the fifth embodiment of the 
present invention is designed so that the electronic 

20 mark B 1 12 of the fourth embodiment is a perfect type 
mark (a trademark or the like), the electronic mark A is 
a mark representing genuineness (for example, a vafid- 
ness mark) and the electronic mark A is displayed in 
place of the electronic mark B in step 905 of Fig. 15. 

25 [0094] According to the fifth embodiment of the 
present invention, when no prior strict check request is 
set, the genuineness of the electronic mark and the con- 
tent or the type of the genuineness can be expressed so 
as to be visually recognizable by checking whether the 

30 validness mark is displayed or not, and the genuineness 
can be strictly authenticated by the digital-signature 
appended authentication information embedded as an 
invisible watermark. On the other hand, when a prior 
strict check request is set, the strict authentication result 

35 of the genuineness can be indicated by the validness 
mark. 

[0095] As described above, according to the present 
invention, the genuineness of the electronic data can be 
strictly authenticated, and the genuineness can be visu- 
40 ally expressed to the users of the electronic data. 

Claims 

1. A method of generating authentication-enabled 
45 electronic data, comprising the steps of: 

embedding digital-signature appended authen- 
tication information for authenticating the elec- 
tronic data as an invisible digital watermark into 
so a first image and subjecting the first image with 

the invisible dgital watermark to a visually-rec- 
ognizable alteration to generate a second 
image; and 

inserting the second image into the electronic 
55 data to generate the authentication-enabled 

electronic data. 

2. A method of generating authentication-enabled 
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electronic data, comprising the steps of: 

embedding digital-signature appended authen- 
tication information for authenticating elec- 
tronic data as an invisible digital watermark into 
a first image to generate a second image; 
embedding the second image as a visible dig- 
ital watermark into a third image to generate a 
fourth image; and 

inserting the fourth image into the electronic 
data to generate the authentication-enabled 
electronic data. 

3. A method of generating authentication-enabled 
electronic data, comprising the steps of: 

embedding digital-signature appended authen- 
tication information for authenticating elec- 
tronic data as an invisible cfigrtal watermark into 
a first image to generate a second image; 
superposing the second image and a third 
image on each other so that the image pattern 
of the third image and the image pattern of the 
second image are visually recognizable, 
thereby generating a fourth image having a 
double-layer structure; and 
inserting the fourth image into the electronic 
data to generate the authentication-enabled 
electronic data. 

4. A method of generating authentication-enabled 
electronic data, comprising the steps of : 

embedding digital-signature appended authen- 
tication information for authenticating elec- 
tronic data as an invisible digital watermark into 
a first image so that the brightness or chroma- 
ticities of the image has a predetermined visu- 
ally-recognizable characteristic, thereby 
generating a second image; and 
inserting the second image into the electronic 
data to generate the authentication-enabled 
electronic data. 

5. A method of generating authentication-enabled 
electronic data, comprising the steps of: 

embedding digital-signature appended authen- 
tication information for authenticating elec- 
tronic data and first image data as an invisible 
digital watermark into a second image to gen- 
erate a third image; and 
inserting the third image into the electronic 
image to generate the authentication-enabled 
electronic data. 

6. A method of generating an authentication-enabled 
Web page to be supplied from a Web server to a cli- 



ent, comprising the steps of: 

embedding digital-signature appended authen- 
tication information for authenticating a Web 

s page as an invisible watermark into a first 

image to generate a second image; 
superposing a third image having a transparent 
portion on the second image thus generated to 
generate a fourth image having a double-layer 

w structure; 

inserting the fourth image into the Web page to 
generate the authentication-enabled Web 
page; and 

describing as processing of said Web server a 
15 description of supply of the Web page contain- 

ing the fourth image to the client when the cli- 
ent accesses the authentication-enabled Web 
page, and a description of non -supply of the 
second image when the client directly 
20 accesses the second image. 

7. A method of checking the authentication-enabled 
electronic data generated by the method as 
claimed in claim 4, comprising the steps of: 

25 

measuring the brightness or chromaticrties of 
the second image contained in the authentica- 
tion-enabled electronic data; and 
checking whether the brightness or chromatid - 
30 ties thus measured has the predetermined 

characteristic, and outputting the check result. 

8. A method of displaying the authentication-enabled 
electronic data generated by the method as 

35 claimed in claim 5, comprising the steps of: 

extracting the data of the first image embedded 
as the digital watermark from the third image 
contained in the authentication-enabled elec- 

40 tronic data; and 

including the display of the first image repre- 
sented by the first image data extracted or the 
combined display of the display of the first 
image and the display of the third image in the 

45 display of the authentication-enabled electronic 

data in place of the display of the third image. 

9. A method of authenticating the authentication-ena- 
bled electronic data generated by the method as 

so claimed in claim 5 and displaying a check result, 
comprising the steps of: 

authenticating the electronic data by using 
authentication information and a digital signa- 
55 ture embedded as a digital watermark in the 

third image contained in the authentication- 
enabled electronic data; and 
extracting the data of the first image embedded 
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as a digital watermark from the third image 
contained in the authentication-enabled elec- 
tronic data when the electronic data can be 
authenticated; and 

including the display of the first image repre- s 
sented by the first image data extracted or the 
combined display of the display of the first 
image and the display of the third image in the 
display of the authentication-enabled electronic 
data in place of the display of the third display. 10 

10. An authentication-enabled electronic data generat- 
ing device for generating authentication-enabled 
electronic data comprising: 

15 

means for embedding digital-signature 
appended authentication information for 
authenticating electronic data as an invisible 
digital watermark into a f irst image and subject- 
ing the first image with the invisible digital 20 
watermark to a visually-recognizable alteration 
to generate a second image; and 
means for inserting the second image into the 
electronic data to generate a mark-pasted elec- 
tronic data as the authentication-enabled elec- 25 
tronic data. 

11. A storage medium in which a program to be read 
out and executed by an electronic computer is 
stored, wherein: 30 

said program makes said electronic computer 
execute: 

a step of embedding digital-signature 35 
appended authentication information for 
authenticating the electronic data as an 
invisible digital watermark into a first 
image, and generating a second image 
which has been subjected to a visually-rec- 40 
ognizabie alteration; and 
a step of inserting the second image into 
the electronic data to generate the authen- 
tication-enabled electronic data. 

45 

12. An authentication system for authenticating elec- 
tronic data, comprising an authentication-enabled 
electronic data generating device and an electronic 
data authenticating device, wherein: 

50 

said authentication-enabled electronic data 
generating device includes: 

means for embedding digital-signature 
appended authentication information for 55 
authenticating electronic data as an invisi- 
ble digital watermark into a first image and 
subjecting the f irst image with the invisible 



digital watermark to a visually-recogniza- 
ble alteration to generate a second image; 
and 

means for generating as the authentica- 
tion-enabled electronic data mark-pasted 
electronic data obtained by inserting the 
second image into the electronic data, and 

said electronic data authentication device 
includes: 

means for performing a display operation 
containing the display of the second image 
of the authentication-enabled electronic 
data; and 

means for authenticating the authentica- 
tion-enabled electronic data on the basis of 
the digital-signature appended authentica- 
tion information which is extracted from the 
second image and embedded as a digital 
watermark. 
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FIG. 6 
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